Skype Vulnerability, Now Blocked, Allowed Account Hijack

A security vulnerability in Skype, in use for 2 months, allowed an attacker to hijack a Skype account if they knew the email address of the user. Skype has temporarily disabled the feature which allowed the attack.

The problem was first publicized last night on Russian web forums. Skype now claims to have fixed the password reset so that it cannot be abused in this way.

Skype issued a statement on the issue:

Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience.

Just because the server market's in the doldrums doesn't mean innovation has ceased. Far from it -- server technology is enjoying the biggest renaissance since the dawn of x86 systems. But the primary driver is now service providers, not enterprises.